19 matches found
EUVD-2007-3933
Malware in sbrugna...
EUVD-2021-0062
Malware in sbrugna...
EUVD-2022-3520
Malicious code in bioql PyPI...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
GHSA-VRCH-868G-9JX5 Traefik allows path traversal using url encoding
Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target ...
CVE-2023-43805
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possibl...
CVE-2004-2283
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache...
CVE-2002-1961
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name FQDN that ends in a "." dot...
FreeBSD : py-flask-security -- user redirect to arbitrary URL vulnerability (06492bd5-085a-4cc0-9743-e30164bdcb1c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 06492bd5-085a-4cc0-9743-e30164bdcb1c advisory. - This affects all versions of package Flask-Security. When using the getpostlogoutredirect and...
[SECURITY] [DLA 3545-1] flask-security security update
Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton August 28, 2023 https://wiki.debian.org/LTS Package : flask-security Version : 1.7.5-2+deb10u1 CVE ID : CVE-2021-23385 Debian Bug : 1021279 It was discovered that when using the...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass Exploit
WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit. Entering the URL in browser will give you access to the respective users acc...
PT-2023-18285 · WordPress · Cmp – Coming Soon & Maintenance Plugin
Name of the Vulnerable Software and Affected Versions: CMP – Coming Soon & Maintenance plugin for WordPress versions up to, and including, 4.1.7 Description: The issue allows users to bypass the maintenance mode feature of the plugin. This can be achieved by including a correct cmp bypass GET...
URL Redirection to Untrusted Site ('Open Redirect')
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
Discuz! X2 回复仅作者可见控制不严
简要描述: Discuz! X2 发布回复仅作者可见的主题帖,普通会员可以绕过该机制获得被隐藏的部分内容 详细说明: 帖子为打开状态时,可以通过楼层获得fid、tid、repposet 这3个参数,手动URL提交,可获取引用回复,引用回复中含有被屏蔽(仅作者可见的)部分内容。 漏洞证明: 拼接的url...
CVE-2007-3949
modaccess.c in lighttpd 1.4.15 ignores trailing / slash characters in the URL, which allows remote attackers to bypass url.access-deny settings...
CVE-2007-1224
Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port :80...
F5 Firepass多个输入验证漏洞
F5的FirePass服务器是一款可以通过任何标准Web浏览器为用户提供到公司网络安全接入的网络设备。 FirePass服务器存在多个跨站脚本攻击,远程攻击者可以利用漏洞获得目标用户敏感信息。 问题一是主要登录页面-my.logon.php3对用户提交的crs和xcho参数缺少过滤,吨斤毫秒度 恶意脚本代码作为参数数据,并诱使用户查看可导致脚本代码在目标浏览器上执行并泄露敏感信息。...
iisPROTECT Encoded URL Authentication Bypass
The remote host is running iisPROTECT, an IIS add-on to protect pages served by the web server. iisPROTECT is affected by an authentication bypass vulnerability due to a failure to recognize basic URL encoding. A remote attacher can exploit this, via hex-encoding requested URLs, to read sensitive...